From d6101df29c7069326d26628f131f0ef8882ad68b Mon Sep 17 00:00:00 2001 From: Paul Hohensee Date: Sun, 18 Dec 2022 16:43:41 +0000 Subject: [PATCH] 8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards Reviewed-by: andrew Backport-of: a777e82cd81fb5f02b09c4917b2a44f94c603939 --- .../sun/crypto/provider/DESKeyFactory.java | 4 +- .../sun/crypto/provider/DESedeKeyFactory.java | 4 +- .../com/sun/crypto/provider/DHKeyFactory.java | 10 +-- .../classes/sun/security/ec/ECKeyFactory.java | 10 +-- .../sun/security/pkcs11/P11DHKeyFactory.java | 6 +- .../sun/security/pkcs11/P11DSAKeyFactory.java | 6 +- .../sun/security/pkcs11/P11ECKeyFactory.java | 6 +- .../sun/security/pkcs11/P11KeyFactory.java | 6 +- .../sun/security/pkcs11/P11RSAKeyFactory.java | 6 +- .../security/pkcs11/P11SecretKeyFactory.java | 8 +-- .../sun/security/provider/DSAKeyFactory.java | 10 +-- .../sun/security/rsa/RSAKeyFactory.java | 10 +-- .../KeyFactoryGetKeySpecForInvalidSpec.java | 67 +++++++++++++++++++ jdk/test/sun/security/rsa/TestKeyFactory.java | 16 +++-- .../security/rsa/pss/TestPSSKeySupport.java | 11 +-- 15 files changed, 126 insertions(+), 54 deletions(-) create mode 100644 jdk/test/java/security/KeyFactory/KeyFactoryGetKeySpecForInvalidSpec.java diff --git a/jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java b/jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java index f51de29ba8b..691d45e1a11 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -106,7 +106,7 @@ protected KeySpec engineGetKeySpec(SecretKey key, Class keySpec) // Check if requested key spec is amongst the valid ones if ((keySpec != null) && - DESKeySpec.class.isAssignableFrom(keySpec)) { + keySpec.isAssignableFrom(DESKeySpec.class)) { return new DESKeySpec(key.getEncoded()); } else { diff --git a/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java b/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java index d2d2d7d47ea..339d664772a 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -102,7 +102,7 @@ protected KeySpec engineGetKeySpec(SecretKey key, Class keySpec) && (key.getFormat().equalsIgnoreCase("RAW"))) { // Check if requested key spec is amongst the valid ones - if (DESedeKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(DESedeKeySpec.class)) { return new DESedeKeySpec(key.getEncoded()); } else { diff --git a/jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java b/jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java index 273d49eb076..6b716e5305c 100644 --- a/jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java +++ b/jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -145,7 +145,7 @@ T engineGetKeySpec(Key key, Class keySpec) if (key instanceof javax.crypto.interfaces.DHPublicKey) { - if (DHPublicKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(DHPublicKeySpec.class)) { javax.crypto.interfaces.DHPublicKey dhPubKey = (javax.crypto.interfaces.DHPublicKey) key; params = dhPubKey.getParams(); @@ -153,7 +153,7 @@ T engineGetKeySpec(Key key, Class keySpec) params.getP(), params.getG())); - } else if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) { + } else if (keySpec.isAssignableFrom(X509EncodedKeySpec.class)) { return keySpec.cast(new X509EncodedKeySpec(key.getEncoded())); } else { @@ -163,7 +163,7 @@ T engineGetKeySpec(Key key, Class keySpec) } else if (key instanceof javax.crypto.interfaces.DHPrivateKey) { - if (DHPrivateKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(DHPrivateKeySpec.class)) { javax.crypto.interfaces.DHPrivateKey dhPrivKey = (javax.crypto.interfaces.DHPrivateKey)key; params = dhPrivKey.getParams(); @@ -171,7 +171,7 @@ T engineGetKeySpec(Key key, Class keySpec) params.getP(), params.getG())); - } else if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) { + } else if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class)) { return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded())); } else { diff --git a/jdk/src/share/classes/sun/security/ec/ECKeyFactory.java b/jdk/src/share/classes/sun/security/ec/ECKeyFactory.java index 16ee6778169..fdcfaa2fe4d 100644 --- a/jdk/src/share/classes/sun/security/ec/ECKeyFactory.java +++ b/jdk/src/share/classes/sun/security/ec/ECKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -256,12 +256,12 @@ protected T engineGetKeySpec(Key key, Class keySpec) } if (key instanceof ECPublicKey) { ECPublicKey ecKey = (ECPublicKey)key; - if (ECPublicKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(ECPublicKeySpec.class)) { return keySpec.cast(new ECPublicKeySpec( ecKey.getW(), ecKey.getParams() )); - } else if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) { + } else if (keySpec.isAssignableFrom(X509EncodedKeySpec.class)) { return keySpec.cast(new X509EncodedKeySpec(key.getEncoded())); } else { throw new InvalidKeySpecException @@ -269,9 +269,9 @@ protected T engineGetKeySpec(Key key, Class keySpec) + "X509EncodedKeySpec for EC public keys"); } } else if (key instanceof ECPrivateKey) { - if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class)) { return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded())); - } else if (ECPrivateKeySpec.class.isAssignableFrom(keySpec)) { + } else if (keySpec.isAssignableFrom(ECPrivateKeySpec.class)) { ECPrivateKey ecKey = (ECPrivateKey)key; return keySpec.cast(new ECPrivateKeySpec( ecKey.getS(), diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11DHKeyFactory.java b/jdk/src/share/classes/sun/security/pkcs11/P11DHKeyFactory.java index 381569435ef..32e985d1090 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11DHKeyFactory.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11DHKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -214,7 +214,7 @@ private PrivateKey generatePrivate(BigInteger x, BigInteger p, T implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session) throws PKCS11Exception, InvalidKeySpecException { - if (DHPublicKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(DHPublicKeySpec.class)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_VALUE), @@ -241,7 +241,7 @@ T implGetPublicKeySpec(P11Key key, Class keySpec, T implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session) throws PKCS11Exception, InvalidKeySpecException { - if (DHPrivateKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(DHPrivateKeySpec.class)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_VALUE), diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11DSAKeyFactory.java b/jdk/src/share/classes/sun/security/pkcs11/P11DSAKeyFactory.java index 9263fc857f7..ffacd34c2be 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11DSAKeyFactory.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11DSAKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -210,7 +210,7 @@ private PrivateKey generatePrivate(BigInteger x, BigInteger p, T implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session) throws PKCS11Exception, InvalidKeySpecException { - if (DSAPublicKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(DSAPublicKeySpec.class)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_VALUE), @@ -239,7 +239,7 @@ T implGetPublicKeySpec(P11Key key, Class keySpec, T implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session) throws PKCS11Exception, InvalidKeySpecException { - if (DSAPrivateKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(DSAPrivateKeySpec.class)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_VALUE), diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java index ed1b84e96c5..7c3b93e0400 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -284,7 +284,7 @@ private PrivateKey generatePrivate(BigInteger s, ECParameterSpec params) T implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session) throws PKCS11Exception, InvalidKeySpecException { - if (ECPublicKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(ECPublicKeySpec.class)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_EC_POINT), @@ -309,7 +309,7 @@ T implGetPublicKeySpec(P11Key key, Class keySpec, T implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session) throws PKCS11Exception, InvalidKeySpecException { - if (ECPrivateKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(ECPrivateKeySpec.class)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_VALUE), diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11KeyFactory.java b/jdk/src/share/classes/sun/security/pkcs11/P11KeyFactory.java index 0442203e50d..2923c47ac46 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11KeyFactory.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11KeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -73,8 +73,8 @@ protected final T engineGetKeySpec(Key key, Class keySpec ("key and keySpec must not be null"); } // delegate to our Java based providers for PKCS#8 and X.509 - if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec) - || X509EncodedKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class) + || keySpec.isAssignableFrom(X509EncodedKeySpec.class)) { try { return implGetSoftwareFactory().getKeySpec(key, keySpec); } catch (GeneralSecurityException e) { diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java b/jdk/src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java index b3bfcc7757d..b5fba370fde 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java @@ -257,7 +257,7 @@ private PrivateKey generatePrivate(BigInteger n, BigInteger e, T implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session) throws PKCS11Exception, InvalidKeySpecException { - if (RSAPublicKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(RSAPublicKeySpec.class)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_MODULUS), @@ -282,7 +282,7 @@ T implGetPublicKeySpec(P11Key key, Class keySpec, T implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session) throws PKCS11Exception, InvalidKeySpecException { - if (RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(RSAPrivateCrtKeySpec.class)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_MODULUS), @@ -312,7 +312,7 @@ T implGetPrivateKeySpec(P11Key key, Class keySpec, attributes[7].getBigInteger() ); return keySpec.cast(spec); - } else if (RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) { + } else if (keySpec.isAssignableFrom(RSAPrivateKeySpec.class)) { session[0] = token.getObjSession(); CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_MODULUS), diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java b/jdk/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java index e6ed8874196..986bf2cd7c2 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -330,11 +330,11 @@ protected KeySpec engineGetKeySpec(SecretKey key, Class keySpec) throw new InvalidKeySpecException ("key and keySpec must not be null"); } - if (SecretKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(SecretKeySpec.class)) { return new SecretKeySpec(getKeyBytes(key), algorithm); } else if (algorithm.equalsIgnoreCase("DES")) { try { - if (DESKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(DESKeySpec.class)) { return new DESKeySpec(getKeyBytes(key)); } } catch (InvalidKeyException e) { @@ -342,7 +342,7 @@ protected KeySpec engineGetKeySpec(SecretKey key, Class keySpec) } } else if (algorithm.equalsIgnoreCase("DESede")) { try { - if (DESedeKeySpec.class.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(DESedeKeySpec.class)) { return new DESedeKeySpec(getKeyBytes(key)); } } catch (InvalidKeyException e) { diff --git a/jdk/src/share/classes/sun/security/provider/DSAKeyFactory.java b/jdk/src/share/classes/sun/security/provider/DSAKeyFactory.java index 72797aea18b..67a3d346c50 100644 --- a/jdk/src/share/classes/sun/security/provider/DSAKeyFactory.java +++ b/jdk/src/share/classes/sun/security/provider/DSAKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -187,7 +187,7 @@ T engineGetKeySpec(Key key, Class keySpec) Class x509KeySpec = Class.forName ("java.security.spec.X509EncodedKeySpec"); - if (dsaPubKeySpec.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(dsaPubKeySpec)) { java.security.interfaces.DSAPublicKey dsaPubKey = (java.security.interfaces.DSAPublicKey)key; params = dsaPubKey.getParams(); @@ -196,7 +196,7 @@ T engineGetKeySpec(Key key, Class keySpec) params.getQ(), params.getG())); - } else if (x509KeySpec.isAssignableFrom(keySpec)) { + } else if (keySpec.isAssignableFrom(x509KeySpec)) { return keySpec.cast(new X509EncodedKeySpec(key.getEncoded())); } else { @@ -212,7 +212,7 @@ T engineGetKeySpec(Key key, Class keySpec) Class pkcs8KeySpec = Class.forName ("java.security.spec.PKCS8EncodedKeySpec"); - if (dsaPrivKeySpec.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(dsaPrivKeySpec)) { java.security.interfaces.DSAPrivateKey dsaPrivKey = (java.security.interfaces.DSAPrivateKey)key; params = dsaPrivKey.getParams(); @@ -221,7 +221,7 @@ T engineGetKeySpec(Key key, Class keySpec) params.getQ(), params.getG())); - } else if (pkcs8KeySpec.isAssignableFrom(keySpec)) { + } else if (keySpec.isAssignableFrom(pkcs8KeySpec)) { return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded())); } else { diff --git a/jdk/src/share/classes/sun/security/rsa/RSAKeyFactory.java b/jdk/src/share/classes/sun/security/rsa/RSAKeyFactory.java index 021fa931829..6702b0e42f6 100644 --- a/jdk/src/share/classes/sun/security/rsa/RSAKeyFactory.java +++ b/jdk/src/share/classes/sun/security/rsa/RSAKeyFactory.java @@ -404,13 +404,13 @@ protected T engineGetKeySpec(Key key, Class keySpec) } if (key instanceof RSAPublicKey) { RSAPublicKey rsaKey = (RSAPublicKey)key; - if (RSA_PUB_KEYSPEC_CLS.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(RSA_PUB_KEYSPEC_CLS)) { return keySpec.cast(new RSAPublicKeySpec( rsaKey.getModulus(), rsaKey.getPublicExponent(), rsaKey.getParams() )); - } else if (X509_KEYSPEC_CLS.isAssignableFrom(keySpec)) { + } else if (keySpec.isAssignableFrom(X509_KEYSPEC_CLS)) { return keySpec.cast(new X509EncodedKeySpec(key.getEncoded())); } else { throw new InvalidKeySpecException @@ -418,9 +418,9 @@ protected T engineGetKeySpec(Key key, Class keySpec) + "X509EncodedKeySpec for RSA public keys"); } } else if (key instanceof RSAPrivateKey) { - if (PKCS8_KEYSPEC_CLS.isAssignableFrom(keySpec)) { + if (keySpec.isAssignableFrom(PKCS8_KEYSPEC_CLS)) { return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded())); - } else if (RSA_PRIVCRT_KEYSPEC_CLS.isAssignableFrom(keySpec)) { + } else if (keySpec.isAssignableFrom(RSA_PRIVCRT_KEYSPEC_CLS)) { if (key instanceof RSAPrivateCrtKey) { RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)key; return keySpec.cast(new RSAPrivateCrtKeySpec( @@ -438,7 +438,7 @@ protected T engineGetKeySpec(Key key, Class keySpec) throw new InvalidKeySpecException ("RSAPrivateCrtKeySpec can only be used with CRT keys"); } - } else if (RSA_PRIV_KEYSPEC_CLS.isAssignableFrom(keySpec)) { + } else if (keySpec.isAssignableFrom(RSA_PRIV_KEYSPEC_CLS)) { RSAPrivateKey rsaKey = (RSAPrivateKey)key; return keySpec.cast(new RSAPrivateKeySpec( rsaKey.getModulus(), diff --git a/jdk/test/java/security/KeyFactory/KeyFactoryGetKeySpecForInvalidSpec.java b/jdk/test/java/security/KeyFactory/KeyFactoryGetKeySpecForInvalidSpec.java new file mode 100644 index 00000000000..ca94a09282c --- /dev/null +++ b/jdk/test/java/security/KeyFactory/KeyFactoryGetKeySpecForInvalidSpec.java @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2021, Amazon.com, Inc. or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8254717 + * @summary isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards. + * @author Greg Rubin, Ziyi Luo + */ + +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.spec.*; + +public class KeyFactoryGetKeySpecForInvalidSpec { + public static void main(String[] args) throws Exception { + KeyPairGenerator kg = KeyPairGenerator.getInstance("RSA"); + kg.initialize(2048); + KeyPair pair = kg.generateKeyPair(); + + KeyFactory factory = KeyFactory.getInstance("RSA"); + + // Since RSAPrivateCrtKeySpec inherits from RSAPrivateKeySpec, we'd expect this next line to return an instance of RSAPrivateKeySpec + // (because the private key has CRT parts). + KeySpec spec = factory.getKeySpec(pair.getPrivate(), RSAPrivateKeySpec.class); + if (!(spec instanceof RSAPrivateCrtKeySpec)) { + throw new Exception("Spec should be an instance of RSAPrivateCrtKeySpec"); + } + + // This next line should give an InvalidKeySpec exception + try { + spec = factory.getKeySpec(pair.getPublic(), FakeX509Spec.class); + throw new Exception("InvalidKeySpecException is expected but not thrown"); + } catch (final ClassCastException ex) { + throw new Exception("InvalidKeySpecException is expected ClassCastException is thrown", ex); + } catch (final InvalidKeySpecException ex) { + // Pass + } + } + + public static class FakeX509Spec extends X509EncodedKeySpec { + public FakeX509Spec(byte[] encodedKey) { + super(encodedKey); + } + } +} diff --git a/jdk/test/sun/security/rsa/TestKeyFactory.java b/jdk/test/sun/security/rsa/TestKeyFactory.java index 548d1bf4a6f..8200e05c9b8 100644 --- a/jdk/test/sun/security/rsa/TestKeyFactory.java +++ b/jdk/test/sun/security/rsa/TestKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /** * @test - * @bug 4853305 + * @bug 4853305 8254717 * @summary Test KeyFactory of the new RSA provider * @author Andreas Sterbenz */ @@ -107,11 +107,15 @@ private static void testPrivate(KeyFactory kf, PrivateKey key) throws Exception KeySpec rsaSpec2 = kf.getKeySpec(key, RSAPrivateKeySpec.class); PrivateKey key6 = kf.generatePrivate(rsaSpec2); - RSAPrivateKey rsaKey = (RSAPrivateKey)key; - KeySpec rsaSpec3 = new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent()); - PrivateKey key7 = kf.generatePrivate(rsaSpec3); testKey(key6, key6); - testKey(key6, key7); + if (key instanceof RSAPrivateCrtKey) { + RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey)key; + KeySpec rsaSpec3 = new RSAPrivateCrtKeySpec(rsaKey.getModulus(), + rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(), + rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient(), rsaKey.getParams()); + PrivateKey key7 = kf.generatePrivate(rsaSpec3); + testKey(key6, key7); + } } private static void test(KeyFactory kf, Key key) throws Exception { diff --git a/jdk/test/sun/security/rsa/pss/TestPSSKeySupport.java b/jdk/test/sun/security/rsa/pss/TestPSSKeySupport.java index c9c7a27e186..972d44dd9ca 100644 --- a/jdk/test/sun/security/rsa/pss/TestPSSKeySupport.java +++ b/jdk/test/sun/security/rsa/pss/TestPSSKeySupport.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /** * @test - * @bug 8146293 8242556 + * @bug 8146293 8242556 8254717 * @summary Test RSASSA-PSS Key related support such as KeyPairGenerator * and KeyFactory of the SunRsaSign provider */ @@ -98,9 +98,10 @@ private static void testPrivate(KeyFactory kf, PrivateKey key) throws Exception KeySpec rsaSpec2 = kf.getKeySpec(key, RSAPrivateKeySpec.class); PrivateKey key6 = kf.generatePrivate(rsaSpec2); - RSAPrivateKey rsaKey = (RSAPrivateKey)key; - KeySpec rsaSpec3 = new RSAPrivateKeySpec(rsaKey.getModulus(), - rsaKey.getPrivateExponent(), rsaKey.getParams()); + RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey)key; + KeySpec rsaSpec3 = new RSAPrivateCrtKeySpec(rsaKey.getModulus(), + rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(), + rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient(), rsaKey.getParams()); PrivateKey key7 = kf.generatePrivate(rsaSpec3); testKey(key6, key6); testKey(key6, key7);